The Ministry of Home Affairs (KDN) has denied that personal data of 22.5 million Malaysians from the national registration department (JPN) have been leaked online. Its minister, Hamzah Zainudin, further added that the alleged dataset did not belong to the department, despite the claims of a database seller.
Just in case you missed it, it was discovered yesterday that an individual has allegedly gained JPN’s dataset containing personal data of Malaysians born from 1940 to 2004, and placed it up for sale on a well-known database marketplace forum. The seller also claims that the leaked 160GB dataset consisted of various critical details such as name, IC number, address, date of birth, gender, race, religion, mobile number, and Base54-based photo.
As we’ve pointed out prior to this, the individual also went as far as to publish the personal information belonging to Hamzah Zainudin as proof. In the forum post, the dataset is being placed on sale for US$ 10,000 (~RM43,870), accepted in Bitcoin or Monero cryptocurrencies.
“We (KDN) have a mechanism to verify that the data sold is not from JPN,” Hamzah told reporters earlier today. “As in previous cases, the sale of data involves agencies that are given authorisation to receive information from JPN.”
The minister added that an investigation regarding the alleged theft and the involved seller is currently being carried out. On that note, he claims initial findings have found the data sold was actually gained from different sources. “All individuals involved in the sale of personal data will be called to assist in the investigation and the results of the full investigation will be announced soon,” Hamzah said.
Furthermore, the minister also noted that the standard operating procedure (SOP) for obtaining personal data through agencies under JPN will be placed under review. “JPN feels there is a need for personal data to be obtained directly from the department so that issues like this do not arise,” he added.